Lucene search
K

4 matches found

seebug.org
seebug.org
added 2017/11/08 12:0 a.m.75 views

Circle with Disney Backup API Command Injection Vulnerability(CVE-2017-2866)

Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...

9.8AI score0.0308EPSS
Exploits3
NVD
NVD
added 2017/11/07 4:29 p.m.20 views

CVE-2017-2866

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...

9.9CVSS9.3AI score0.0308EPSS
Exploits2References1
Cvelist
Cvelist
added 2017/11/07 4:0 p.m.19 views

CVE-2017-2866

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...

9.9CVSS9.3AI score0.0308EPSS
Exploits2References1
CVE
CVE
added 2017/11/07 4:0 p.m.69 views

CVE-2017-2866

CVE-2017-2866 (Circle with Disney) : Concrete details show an OS command injection in the backup API (/api/CONFIG/backup). The vulnerability arises when the attacker-controlled GET parameter appid is passed directly to system after assembling a shell command, allowing arbitrary command execution....

9.9CVSS9.2AI score0.0308EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder